If the user has the manage-tenant permission, show only the tenants he/she created

This commit is contained in:
ashutosh.nehete 2025-08-23 13:07:20 +05:30
parent bd4f1d5e69
commit 68027ded77
2 changed files with 25 additions and 6 deletions


@ -88,20 +88,24 @@ namespace Marco.Pms.Services.Controllers
try try
{ {
// --- 1. PERMISSION CHECK --- // --- 1. PERMISSION CHECK ---
var currentTenant = await _userHelper.GetCurrentTenant();
if (currentTenant == null)
{
_logger.LogWarning("Authentication failed: No logged-in tenant found.");
return StatusCode(403, ApiResponse<object>.ErrorResponse("Authentication required", "Tenant not found", 403));
}
var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync(); var loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
if (loggedInEmployee == null) if (loggedInEmployee == null)
{ {
// This case should be handled by the [Authorize] attribute.
// This check is a safeguard.
_logger.LogWarning("Authentication failed: No logged-in employee found."); _logger.LogWarning("Authentication failed: No logged-in employee found.");
return StatusCode(403, ApiResponse<object>.ErrorResponse("Authentication required", "User is not logged in.", 403)); return StatusCode(403, ApiResponse<object>.ErrorResponse("Authentication required", "User is not logged in.", 403));
} }
// A root user should have access regardless of the specific permission. // A root user should have access regardless of the specific permission.
var isRootUser = loggedInEmployee.ApplicationUser?.IsRootUser ?? false; var isSuperTenant = currentTenant.IsSuperTenant;
var hasPermission = await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id); var hasPermission = await _permissionService.HasPermission(PermissionsMaster.ManageTenants, loggedInEmployee.Id);
if (!hasPermission || !isRootUser) if (!hasPermission && !isSuperTenant)
{ {
_logger.LogWarning("Permission denied: User {EmployeeId} attempted to list tenants without 'ManageTenants' permission or root access.", loggedInEmployee.Id); _logger.LogWarning("Permission denied: User {EmployeeId} attempted to list tenants without 'ManageTenants' permission or root access.", loggedInEmployee.Id);
return StatusCode(403, ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403)); return StatusCode(403, ApiResponse<object>.ErrorResponse("Access denied", "User does not have the required permissions for this action.", 403));
@ -114,6 +118,11 @@ namespace Marco.Pms.Services.Controllers
// Start with a base IQueryable. Filters will be appended to this. // Start with a base IQueryable. Filters will be appended to this.
var tenantQuery = _context.Tenants.Where(t => t.IsActive); var tenantQuery = _context.Tenants.Where(t => t.IsActive);
if (hasPermission && !isSuperTenant)
{
tenantQuery = tenantQuery.Where(t => t.Id == currentTenant.Id || t.CreatedById == loggedInEmployee.Id);
}
// Apply advanced filters from the JSON filter object. // Apply advanced filters from the JSON filter object.
var tenantFilter = TryDeserializeFilter(filter); var tenantFilter = TryDeserializeFilter(filter);
if (tenantFilter != null) if (tenantFilter != null)
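Review bot: The comment on line 29 and the log message on line 34 still describe the old root-user rule, while the guard on line 32 now keys on `currentTenant.IsSuperTenant` and `IsRootUser` is no longer consulted, so the authorization policy is documented wrongly at exactly the point a reader checks it. The guard's semantics also changed from "both required" (`!hasPermission || !isRootUser`) to "either suffices" (`!hasPermission && !isSuperTenant`); if that is the intended policy, state it in the comment, e.g. `// A super tenant may list tenants without the ManageTenants permission; everyone else needs it.`, and change the log text to `... without 'ManageTenants' permission or super-tenant access.`. In the second hunk, once the guard has passed, `hasPermission && !isSuperTenant` reduces to `!isSuperTenant`, so the scoping filter on line 39 reads more plainly as `if (!isSuperTenant)` with a comment that non-super tenants see only their own tenant and the ones they created. The enclosing action starts and ends outside the hunks.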


@ -1,9 +1,10 @@
using System.Security.Claims; using Marco.Pms.DataAccess.Data;
using Marco.Pms.DataAccess.Data;
using Marco.Pms.Model.Employees; using Marco.Pms.Model.Employees;
using Marco.Pms.Model.Entitlements; using Marco.Pms.Model.Entitlements;
using Marco.Pms.Model.TenantModels;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using System.Security.Claims;
namespace MarcoBMS.Services.Helpers namespace MarcoBMS.Services.Helpers
{ {
@ -25,6 +26,15 @@ namespace MarcoBMS.Services.Helpers
var tenant = _httpContextAccessor.HttpContext?.User.FindFirst("TenantId")?.Value; var tenant = _httpContextAccessor.HttpContext?.User.FindFirst("TenantId")?.Value;
return (tenant != null ? Guid.Parse(tenant) : Guid.Empty); return (tenant != null ? Guid.Parse(tenant) : Guid.Empty);
} }
public async Task<Tenant?> GetCurrentTenant()
{
var tenantId = _httpContextAccessor.HttpContext?.User.FindFirst("TenantId")?.Value;
if (tenantId != null)
{
return await _context.Tenants.FirstOrDefaultAsync(t => t.Id == Guid.Parse(tenantId));
}
return null;
}
public async Task<IdentityUser?> GetCurrentUserAsync() public async Task<IdentityUser?> GetCurrentUserAsync()
{ {